Challenge: Adding a Restricted Razor Page

Test yourself by applying page-specific authorization requirements in a Razor Pages app.

Overview

In this challenge, you will need to apply specific authorization requirements on individual pages in a Razor Pages app.

Requirements

In the playground at the end of this lesson, you have the following two applications:

  • A Razor Pages application represented by the DemoApp project

  • An IdP server application represented by the OpenIddictAuthProvider project

At the moment, the Razor Pages application is correctly configured to connect to the IdP application if the OIDC authentication flow is initiated. However, there is some logic missing to apply authentication and authorization requirements to the app. All pages of the app are accessible by anonymous users and the authentication flow doesn't get initiated by default.

You must apply the following changes to the Razor Pages application:

  • Enforce authentication on Razor Pages by default.

  • Ensure that the Razor Pages located inside the Public folder are still accessible anonymously.

  • Ensure that the Admin page cannot be accessed by a normal authenticated user and can only be accessed by users who have the claims specified in the has_specialaccess_claim policy.

You need to implement these requirements in the most efficient way possible. For example, if there are multiple ways of implementing the same requirement, you must choose the option that requires the least amount of code to be written.
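
One way to express the three requirements with Razor Pages authorization conventions, as an added example rather than the course's own solution or the DemoApp source. The page path `/Admin`, the claim type `special_access`, and the IdP authority and client ID are assumptions; the authentication block only stands in for the OIDC wiring the lesson says is already configured.

```csharp
// Program.cs for a Razor Pages app (added example, not the playground's code).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Stand-in for the existing OIDC setup; every value below is a placeholder.
builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        // Unauthenticated requests to protected pages start the OIDC flow.
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://idp.example.invalid"; // placeholder IdP URL
        options.ClientId = "demo-app-client";              // placeholder client ID
        options.ResponseType = "code";
    });

builder.Services.AddAuthorization(options =>
{
    // The policy name comes from the challenge text; the claim type is assumed.
    options.AddPolicy("has_specialaccess_claim",
        policy => policy.RequireClaim("special_access"));
});

builder.Services.AddRazorPages(options =>
{
    // 1. Require an authenticated user for every page under the Pages root.
    options.Conventions.AuthorizeFolder("/");
    // 2. Re-open the Public folder to anonymous visitors.
    options.Conventions.AllowAnonymousToFolder("/Public");
    // 3. Require the named policy on the Admin page, on top of the folder rule.
    options.Conventions.AuthorizePage("/Admin", "has_specialaccess_claim");
});

var app = builder.Build();

app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication(); // must run before UseAuthorization
app.UseAuthorization();
app.MapRazorPages();
app.Run();
```

An allow-anonymous convention takes precedence over an authorize convention on the same page, so a page that needs the policy must not live under the Public folder.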
